Happy Hour 'Virus' Promises Respite From Work

Did you party a bit too much over the long Thanksgiving weekend? Still have oodles of holiday shopping to complete? Or maybe you just need a break? Then why not infect your PC with a fake virus and system crash?

That's the pitch behind the Happy Hour Virus, which promises to deliver a full-screen browser page that mimics a kernel panic, broken monitor, or feared blue screen of death, thus making it suitable for use by work-averse Mac OS X, Linux, and Windows users.

"We are all better employees if we achieve something called a work-life balance," the virus site reads. "However, pursuing that goal is not always an easy task in today's corporate culture. Please use the Happy Hour Virus to leave work early and enjoy the company of friends, family or co-workers."

Would-be security experts reacted with mock alarm to news of the virus. Paul Ducklin, head of technology for Sophos in the Asia/Pacific region, cited David Ullard, "CYO" of Boulder, Colo.-based productivity and workplace security action group Boulder Online Regulators of Interactive Network Games -- get it? -- as saying: "We expect this problem to peak on Friday afternoons... This is a true cross-platform threat, with modules for Windows, Mac and Linux users, each accessible with just a single click from any major browser."

"Ullard, whose research has revealed that the site uses a command-and-control protocol called HTTP over network port 80, warns that some firewalls already permit this sort of traffic by default," Ducklin said breathlessly in a blog post.

He added that the cross-platform virus could easily be abused by people allergic to work. "Mac users can pretend their Mac has shut down unexpectedly, though we suspect many administrators will see through this ruse, because Macs don't get viruses and thus cannot actually crash at all."

Of course, Ducklin's analysis -- and as well as the entity known as "D. Ullard" -- are just an extension of the joke. In fact, as AdWeek first reported, the virus is part of an advertising campaign launched by Boulder-based advertising agency TDA_Boulder. The virus landing page links to an employment application for the agency.

The virus's self-sabotage capabilities might offer some respite from your daily grind. But be forewarned: If your manager -- or information security department -- becomes clued in to the ruse, that job holiday might become permanent.

For experienced PC users, Happy Hour will no doubt hark back to the good old days of DOS games, which excelled at offering fake functionality for the purposes of putting one over on your boss. Indeed, the games' major workplace innovation was the so-called boss button, or boss key, which filled the screen with a fake spreadsheet or other evidence of supposed productivity. Certain games, such as the IBM PC version of "Leather Goddesses of Phobos," took this to comic lengths, for example by populating its spreadsheet with unique cell entries, including adult-themed recreational items such as "inflatable milkman."

In time, boss buttons made the jump to the online realm. In 2008, for example, CBS added a boss button to its NCAA March Madness streaming site, to hide the stream behind a fake spreadsheet. After 2.5 million people clicked on the boss button that year, CBS announced that for 2009, the boss button would have a corporate sponsor.

As in the old boss-button days, after invoking the fake screen, the user can press a designated key -- in the case of the Happy Hour virus, appropriately enough, that's the "escape" button – to undo any apparent damage. Just don't make the damage permanent by getting caught.

Then again, maybe your boss is using it, too.

There's no such thing as perfection when it comes to software applications, but organizations should make every effort to ensure that their developers do everything in their power to get as close as possible. This Dark Reading report, Integrating Vulnerability Management Into The Application Development Process, examines the challenges of finding and remediating bugs in applications that are growing in complexity and number, and recommends tools and best-practices for weaving vulnerability management into the development process from the very beginning. (Free registration required.)

Conversely, it's interesting to see how often staff have no idea about covert monitoring software. I installed a few network monitors on company networks for bosses before and nobody ever thought to have a quick look at task manager!

Your boss will find out about your online posts about leaving work before your friends do...and then file a help desk ticket on your behalf that ends up getting your PC replaced with one of these crusty loaner laptops running XP on 512 MB RAM and a 20GB hard drive. Monday morning will be a real drag.

@whoopty before this, there was something that allowed a fake spreadsheet or something that looks like a work email to pop up when employees were doing something other than work on their computers. It's called the "boss button," and it was also promoted as a way to watch sports at work, as per this video:

Wow, I suppose I shouldn't be surprised that someone thought of this. After all, I heard today that more than half people surveyed said they intend to shop online while at work. Given that so many people now bring their own mobile devices to work, I suppose they can hit the shops on those while supposedly waiting for their computers to become operational once again.